In Miami, as part of the S4 conference, Pwn2Own Maiami competition heldtraditionally organized by the Zero Day Initiative. This time, white hat hackers tried their hand at hacking industrial control systems and related protocols.
In total, eight teams signed up for this unusual Pwn2Own and decided to make 25 hacking attempts in five different categories. These categories included servers for industrial systems, workstation software, human-machine interfaces (HMIs) and operator workstations, OPC UA servers, and DNP3 gateways. Target products for the competition were provided by Rockwell Automation, Schneider Electric, Triangle MicroWorks, Unified Automation, ICONICS, and Inductive Automation.
Prizes in each category ranged from $ 5,000 to $ 20,000, with the possibility of receiving a bonus of $ 5,000 per exploit for remote code execution.
The winner of the competition was the Incite Team, which included researchers Stephen Seeley and Chris Anastasio. In total, they earned $ 80,000 for exploits for Triangle Microworks SCADA Data Gateway, Inductive Automation Ignition, Rockwell Automation Studio 5000, OPC UA .NET and Iconics Genesis64. They also successfully hacked into Rockwell Automation FactoryTalk View SE, but this was only counted as a partial victory, since the exploit used a previously known vulnerability.
As winners of the contest, Seeley and Anastasio also received 65,000 prize points from ZDI, which provided them with a bonus of $ 25,000 and other benefits in the ZDI vulnerability disclosure program.
Researchers from the Horst Goertz Institute took second place and earned a total of $ 75,000 for hacking Triangle Microworks SCADA Data Gateway, Rockwell Automation FactoryTalk View SE and Iconics Genesis64. They also discovered vulnerabilities in Inductive Automation Ignition, but someone else had previously reported these issues.
Pedro Ribeiro and Radek Domansky of the Flashback Team took third place and also earned $ 75,000 in hacking Iconics Genesis64, Inductive Automation Ignition, and Rockwell Automation FactoryTalk View SE.
Claroty Research team received a total of $ 50,000 for exploits targeting Iconics Genesis64, Schneider Electric EcoStruxure Operator Terminal Expert, and Rockwell Automation FactoryTalk View SE. They also demonstrated vulnerabilities in Inductive Automation Ignition and Triangle Microworks SCADA Data Gateway, but bugs were disclosed before that.
The remaining participants in the competition did not receive money, as they demonstrated vulnerabilities that other Pwn2Own participants had previously reported. They were awarded Master of Pwn points for partial victories.